<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>403</title>
</head>
<body>
<!--
  Static "403 / forbidden" page: one heading followed by a syntax-highlighted
  copy of a Spring Security XML configuration (namespace elements plus custom beans).
  NOTE(review): the listing names /accessHint.html as its access-denied page, so it
  is not clear from this file whether this page itself is served to end users. If it
  is, the listing shows every denied visitor which paths skip the filter chain, that
  CSRF protection is off, and the internal class names; an error page normally
  carries only the status message. Confirm where this file is deployed.
-->
<h1>forbidden!!!</h1>
<!--
  Reading notes for the listing below. Its inline comments are in Chinese; the
  listing text is left exactly as published.

  English gloss of the inline comments, in order of appearance:
     1. Login page is not checked (/userLogin.html).
     2. Static file requests are not checked (/js/**, /css/**).
     3. RESTful requests (/login, /getGrid).
     4. Browsers request favicon.ico automatically; not checked.
     5. Custom page shown when permission is insufficient.
     6. Custom login page.
     7. custom-filter adds a filter; before="FILTER_SECURITY_INTERCEPTOR" runs it
        ahead of Spring Security's default interceptor.
     8. Authentication filter (the filterSecurityInterceptor bean).
     9. "Authorities the user holds" (written above accessDecisionManager).
    10. "Whether the user has permission for the requested resource"
        (written above authenticationManager).
    11. Mapping between resources and permissions.
    12. Step 2: change how authentication data is loaded.
    13. "If user passwords are hashed: password-encoder hash=md5" (commented out).
    14. Step 1: configure the custom class MUserDetailsService.
    15. Access decision manager: decides whether a user's roles are sufficient
        for a resource.
    16. Resource metadata: builds the resource-to-permission mapping, i.e. which
        roles may access a given resource.

  Security review points:
    * security="none" takes a request out of Spring Security entirely: no filters
      run, so there is no authentication, no SecurityContext and none of the
      chain's other protections. That is the usual choice for static assets.
      /login and /getGrid are application endpoints, so any access control for
      them has to live in handler code that is not shown here.
      TODO confirm /getGrid returns nothing that needs a logged-in user.
    * csrf disabled="true" sits on the main chain, which uses form login and a
      session. State-changing requests are then authorised by the session cookie
      alone, and the logout URL is no longer restricted to POST. Keep CSRF
      protection on for a browser-session application unless every
      state-changing endpoint is protected some other way.
    * The main http element has no intercept-url rules. Authorisation presumably
      depends on the custom filterSecurityInterceptor bean together with its
      metadata source and decision manager (classes not shown). The property
      rejectPublicInvocations=true asks the interceptor to refuse requests that
      have no configured attributes instead of letting them through; confirm the
      custom classes keep that behaviour.
    * Comments 9 and 10 look swapped relative to the properties they precede:
      accessDecisionManager makes the allow/deny decision, authenticationManager
      supplies the authenticated user and authorities.
    * authentication-provider declares no password-encoder; the only hint is the
      commented-out hash="md5". MD5 is a fast general-purpose hash and is not
      suitable for password storage. Prefer an adaptive hash such as bcrypt,
      wired through password-encoder with a ref to an encoder bean. How
      passwords are compared when no encoder is declared depends on the Spring
      Security version and on MUserDetailsService (not shown): verify.
-->
<pre class="xml hljs"><code class="xml"><span class="hljs-tag">&lt;<span class="hljs-name">b:beans</span> <span class="hljs-attr">xmlns</span>=<span class="hljs-string">"http://www.springframework.org/schema/security"</span>
         <span class="hljs-attr">xmlns:b</span>=<span class="hljs-string">"http://www.springframework.org/schema/beans"</span> <span class="hljs-attr">xmlns:xsi</span>=<span class="hljs-string">"http://www.w3.org/2001/XMLSchema-instance"</span>
         <span class="hljs-attr">xsi:schemaLocation</span>=<span class="hljs-string">"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"</span>&gt;</span>


    <span class="hljs-comment">&lt;!--登陆页面不验证--&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/userLogin.html"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-comment">&lt;!--静态文件请求不验证--&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/js/**"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/css/**"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-comment">&lt;!--restful请求--&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/login"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/getGrid"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-comment">&lt;!--浏览器会自动请求网站图标：favicon.ico -不验证  --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> <span class="hljs-attr">pattern</span>=<span class="hljs-string">"/favicon.ico"</span> <span class="hljs-attr">security</span>=<span class="hljs-string">"none"</span> /&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">http</span> &gt;</span>

        <span class="hljs-comment">&lt;!--自定义权限不足时显示的页面--&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">access-denied-handler</span> <span class="hljs-attr">error-page</span>=<span class="hljs-string">"/accessHint.html"</span>&gt;</span><span class="hljs-tag">&lt;/<span class="hljs-name">access-denied-handler</span>&gt;</span>
        <span class="hljs-comment">&lt;!-- 自定义登录界面 --&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">form-login</span>
                <span class="hljs-attr">authentication-failure-url</span>=<span class="hljs-string">"/userLogin.html?error=true"</span>
                <span class="hljs-attr">login-page</span>=<span class="hljs-string">"/userLogin.html"</span>
                <span class="hljs-attr">default-target-url</span>=<span class="hljs-string">"/index.html"</span>
                <span class="hljs-attr">login-processing-url</span>=<span class="hljs-string">"/j_spring_security_check"</span> /&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">logout</span> <span class="hljs-attr">invalidate-session</span>=<span class="hljs-string">"true"</span>
                <span class="hljs-attr">logout-success-url</span>=<span class="hljs-string">"/userLogin.html"</span>
                <span class="hljs-attr">logout-url</span>=<span class="hljs-string">"/j_spring_security_logout"</span>/&gt;</span>
        <span class="hljs-comment">&lt;!-- 通过配置custom-filter来增加过滤器，before="FILTER_SECURITY_INTERCEPTOR"表示在SpringSecurity默认的过滤器之前执行。 --&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">custom-filter</span> <span class="hljs-attr">ref</span>=<span class="hljs-string">"filterSecurityInterceptor"</span> <span class="hljs-attr">before</span>=<span class="hljs-string">"FILTER_SECURITY_INTERCEPTOR"</span> /&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">csrf</span> <span class="hljs-attr">disabled</span>=<span class="hljs-string">"true"</span> /&gt;</span>

    <span class="hljs-tag">&lt;/<span class="hljs-name">http</span>&gt;</span>

    <span class="hljs-comment">&lt;!-- 认证过滤器 --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">b:bean</span> <span class="hljs-attr">id</span>=<span class="hljs-string">"filterSecurityInterceptor"</span>
                <span class="hljs-attr">class</span>=<span class="hljs-string">"com.hand.security.utils.MyFilterSecurityInterceptor"</span>&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">b:property</span> <span class="hljs-attr">name</span>=<span class="hljs-string">"rejectPublicInvocations"</span> <span class="hljs-attr">value</span>=<span class="hljs-string">"true"</span>/&gt;</span>
        <span class="hljs-comment">&lt;!-- 用户拥有的权限 --&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">b:property</span> <span class="hljs-attr">name</span>=<span class="hljs-string">"accessDecisionManager"</span> <span class="hljs-attr">ref</span>=<span class="hljs-string">"accessDecisionManager"</span> /&gt;</span>
        <span class="hljs-comment">&lt;!-- 用户是否拥有所请求资源的权限 --&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">b:property</span> <span class="hljs-attr">name</span>=<span class="hljs-string">"authenticationManager"</span> <span class="hljs-attr">ref</span>=<span class="hljs-string">"authenticationManager"</span> /&gt;</span>
        <span class="hljs-comment">&lt;!-- 资源与权限对应关系 --&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">b:property</span> <span class="hljs-attr">name</span>=<span class="hljs-string">"securityMetadataSource"</span> <span class="hljs-attr">ref</span>=<span class="hljs-string">"securityMetadataSource"</span> /&gt;</span>
    <span class="hljs-tag">&lt;/<span class="hljs-name">b:bean</span>&gt;</span>

    <span class="hljs-comment">&lt;!-- 2、更改验证信息加载方式 --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">authentication-manager</span> <span class="hljs-attr">alias</span>=<span class="hljs-string">"authenticationManager"</span>&gt;</span>
        <span class="hljs-tag">&lt;<span class="hljs-name">authentication-provider</span>
                <span class="hljs-attr">user-service-ref</span>=<span class="hljs-string">"mUserDetailsService"</span>&gt;</span>
            <span class="hljs-comment">&lt;!--如果用户的密码采用加密的话 &lt;password-encoder hash="md5" /&gt; --&gt;</span>
        <span class="hljs-tag">&lt;/<span class="hljs-name">authentication-provider</span>&gt;</span>
    <span class="hljs-tag">&lt;/<span class="hljs-name">authentication-manager</span>&gt;</span>

    <span class="hljs-comment">&lt;!-- 1、配置自定义类MUserDetailsService --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">b:bean</span> <span class="hljs-attr">id</span>=<span class="hljs-string">"mUserDetailsService"</span> <span class="hljs-attr">class</span>=<span class="hljs-string">"com.hand.security.service.impl.MUserDetailsService"</span> /&gt;</span>

    <span class="hljs-comment">&lt;!--访问决策器，决定某个用户具有的角色，是否有足够的权限去访问某个资源 --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">b:bean</span> <span class="hljs-attr">id</span>=<span class="hljs-string">"accessDecisionManager"</span> <span class="hljs-attr">class</span>=<span class="hljs-string">"com.hand.security.utils.MyAccessDecisionManager"</span>&gt;</span><span class="hljs-tag">&lt;/<span class="hljs-name">b:bean</span>&gt;</span>

    <span class="hljs-comment">&lt;!--资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源可以被哪些角色访问 --&gt;</span>
    <span class="hljs-tag">&lt;<span class="hljs-name">b:bean</span> <span class="hljs-attr">id</span>=<span class="hljs-string">"securityMetadataSource"</span> <span class="hljs-attr">class</span>=<span class="hljs-string">"com.hand.security.utils.MFilterInvocationSecurityMetadataSource"</span> &gt;</span><span class="hljs-tag">&lt;/<span class="hljs-name">b:bean</span>&gt;</span>

<span class="hljs-tag">&lt;/<span class="hljs-name">b:beans</span>&gt;</span></code></pre>
</body>
</html>